Free Word download β’ Edit online β’ Save & share with Drive β’ Export to PDF
An Incident Investigation Policy is an operational document that establishes how an organization identifies, reports, investigates, and resolves workplace incidents β including injuries, near-misses, property damage, and environmental events. It assigns clear roles to supervisors, safety managers, and senior leadership; defines incident classification tiers with specific numerical thresholds; sets mandatory reporting timelines; and specifies the root-cause analysis methods investigators must use. Rather than responding to incidents ad hoc, the policy ensures every event β from a minor first-aid case to a critical injury β triggers a consistent, documented process that produces actionable findings and verified corrective actions.
Without a written incident investigation policy, investigations happen inconsistently at best and not at all at worst. Supervisors classify events differently, witnesses are interviewed in groups that produce unreliable accounts, corrective actions are assigned informally and never closed, and records are stored in email inboxes that disappear when employees leave. The consequences are concrete: recurring hazards injure additional workers, regulators find no documented evidence of investigations during audits, and insurers or opposing counsel demonstrate that the organization had no systematic process for preventing known risks. A formal policy also satisfies the explicit or implied documentation requirements of OSHA, provincial OHS legislation in Canada, and the EU Framework Directive β giving compliance officers a single document to point to when demonstrating due diligence. This template gives you a complete, customizable starting point that takes hours to adapt, not weeks to draft from scratch.
| If your situation is⦠| Use this template |
|---|---|
| Documenting a specific incident after it occurs | Incident Report Form |
| Establishing a broad workplace health and safety framework | Health and Safety Policy |
| Tracking corrective actions that arise from investigations | Corrective Action Plan |
| Investigating a near-miss before an injury occurs | Near-Miss Report Form |
| Conducting a formal root-cause analysis for a serious incident | Root Cause Analysis Report |
| Managing employee injury claims and return-to-work plans | Return to Work Plan |
| Reviewing safety performance and incident trends over a period | Safety Audit Report |
Why it matters: Near-misses and property damage share the same root causes as serious injuries. Excluding them from investigation means recurring hazards go unaddressed until someone is hurt.
Fix: Expand the scope to cover all unplanned events β including near-misses, environmental releases, and property damage β and set a proportionate investigation depth for each.
Why it matters: Terms like 'minor' or 'significant' are interpreted differently by every supervisor, leading to inconsistent classification and systematic underreporting of serious events.
Fix: Replace subjective language with explicit criteria: days away from work, medical treatment type, or dollar value of damage for each classification tier.
Why it matters: Corrective actions without a named owner and a fixed deadline are routinely left open for months, leaving the original hazard in place while the organization believes it has been addressed.
Fix: Require a named owner and a tier-specific due date for every corrective action, and build a review step into each monthly safety meeting to track closure.
Why it matters: When a supervisor leaves the organization, records disappear β and during audits, litigation, or regulatory inspections, the company cannot demonstrate that investigations occurred or that corrective actions were taken.
Fix: Designate a centralized, access-controlled system for all investigation records and specify the location explicitly in the policy's recordkeeping section.
Enter your company name, the locations and facilities covered, and the categories of workers subject to the policy β employees, contractors, temporary staff, and visitors. Be explicit about any exclusions.
π‘ If your organization operates across multiple jurisdictions, list each location separately so site managers know exactly which rules apply to them.
Review each defined term and adjust language to match your industry's standard terminology. Add any sector-specific terms β for example, 'spill' or 'exposure event' in chemical manufacturing β that your workers will encounter.
π‘ Cross-reference your definitions with your OSHA 300 Log criteria or equivalent regulatory standard to ensure consistency between this policy and your recordkeeping obligations.
Replace the placeholder role titles with the actual job titles used in your organization. For each role, list only the obligations that role can realistically fulfill given their authority and training level.
π‘ Designate a backup investigator for each tier β investigations should not stall because the primary responsible person is absent or is a subject of the investigation.
Enter specific numerical thresholds for each incident tier β dollar amounts for property damage, days away from work for injury severity β and pair each tier with a mandatory reporting timeline.
π‘ Check your jurisdiction's regulatory reporting deadlines (OSHA requires notification of fatalities within 8 hours and hospitalizations within 24 hours) and ensure your internal timelines are tighter than the regulatory ones.
Choose one or two RCA methods β 5 Whys, Fishbone diagram, or Fault Tree Analysis β and specify which method applies to which classification tier. Attach the corresponding form or worksheet as an appendix.
π‘ 5 Whys works well for Tier 1 incidents; reserve Fault Tree Analysis for complex Tier 3 events involving multiple contributing factors or system failures.
Specify the tracking system β a spreadsheet, a safety management platform, or your existing project management tool β and enter the due-date windows for each tier. Include the escalation path if a corrective action is not closed on time.
π‘ Link corrective-action items directly to the investigation record so auditors can trace from incident to finding to resolution in one document trail.
Enter the minimum retention period for investigation records β typically 5 years for most OSHA-covered employers β and specify which roles can access full reports versus summary data.
π‘ Consult your legal counsel before setting retention periods if your organization operates in multiple jurisdictions; EU GDPR and some Canadian provincial privacy laws impose limits on how long personal information in incident records can be kept.
Name the role responsible for the annual review, set a calendar reminder, and document the distribution list β every employee and contractor covered by the policy must receive a copy and acknowledge receipt.
π‘ Version-control the policy with a date and version number in the footer so that during litigation or audits, you can prove which version was in effect at the time of any given incident.
An incident investigation policy is an organizational document that defines how workplace incidents β injuries, near-misses, property damage, and environmental events β are identified, reported, investigated, and resolved. It assigns roles, sets timelines, specifies investigation methods, and establishes how corrective actions are tracked to completion. The policy ensures that incidents are addressed consistently and that root causes are eliminated rather than symptoms alone.
An incident report is a form used to document the facts of a specific event β what happened, when, where, and who was involved. An incident investigation policy is the governing procedure that tells employees how to respond to any incident: who is responsible, how investigations are conducted, what analysis methods to use, and how findings are tracked and stored. The report is a single record; the policy is the framework that governs all records.
Responsibility typically depends on the severity of the incident. Minor (Tier 1) incidents are usually investigated by the direct supervisor with support from the safety team. Serious (Tier 2) incidents require a trained safety manager or a cross-functional team. Critical (Tier 3) incidents β fatalities, serious injuries, or major environmental releases β should involve senior leadership, the safety manager, and in some cases external specialists or legal counsel. Investigators should not have a direct supervisory interest in the outcome.
In many jurisdictions, a documented incident investigation procedure is either explicitly required or strongly implied by occupational health and safety legislation. OSHA regulations in the United States require employers to investigate workplace fatalities and serious injuries and to maintain OSHA 300 Logs. In Canada, provincial OHS legislation typically mandates investigation of critical injuries. In the EU, the Framework Directive 89/391/EEC requires employers to take preventive measures following workplace incidents. A written policy demonstrates compliance with these obligations.
The most commonly used methods are the 5 Whys (asking 'why' iteratively until the underlying cause is identified), the Fishbone (Ishikawa) diagram (mapping causes across categories such as people, equipment, environment, and procedures), and Fault Tree Analysis (a logic-diagram approach for complex events with multiple contributing factors). Most organizations specify 5 Whys for minor incidents and Fishbone or Fault Tree Analysis for serious or critical events. The key is choosing one method per tier and training investigators to use it consistently.
OSHA requires most employers to retain OSHA 300 Logs and related records for at least five years. Incident investigation reports tied to workers' compensation claims may need to be retained for the duration of any open claim plus several years. In Canada and the EU, retention periods vary by province or member state. As a practical baseline, retaining all investigation records for a minimum of seven years covers most regulatory and litigation exposure. Consult legal counsel for jurisdiction-specific requirements.
Most safety management systems require at least an annual policy review. In addition, the policy should be reviewed immediately following any Tier 3 incident, after a significant regulatory change, or any time an investigation reveals that the existing procedure was inadequate or was not followed. Assign a named owner for each review cycle and document the outcome β including 'no changes required' β in the policy version log.
Yes β near-miss investigation is one of the highest-value activities in any safety program. Near-misses share the same root causes as serious injuries but occur without actual harm, making them low-cost opportunities to eliminate hazards before someone is hurt. Organizations that systematically investigate and resolve near-misses typically see measurable reductions in serious injury rates within 12 to 24 months. The policy should explicitly include near-misses in scope and assign them at least a Tier 1 investigation.
The template's structure β classification tiers, reporting timelines, investigation steps, root-cause analysis, and corrective-action tracking β applies equally well to IT security incidents, data breaches, and operational failures. You would need to customize the definitions, role assignments, and regulatory references to match the applicable framework (such as NIST or ISO 27001 for information security). Many organizations maintain a separate Information Security Incident Response Policy for this purpose, using the same structural approach.
An incident report form is a single-use document that captures the facts of one specific event β who was involved, what happened, and what immediate actions were taken. The incident investigation policy is the standing procedure that governs how every incident is handled, investigated, and resolved over time. You need both: the policy defines the process; the form executes it.
A health and safety policy sets the organization's overall commitment to workplace safety, assigns general responsibilities, and outlines the safety management framework. An incident investigation policy is a specific procedure nested within that framework, focused entirely on what happens after an incident occurs. The broader safety policy should reference the investigation policy as a supporting procedure.
A corrective action plan documents the specific steps, owners, and timelines for resolving a gap or deficiency identified during an investigation or audit. An incident investigation policy governs the entire investigation process that produces the findings a corrective action plan then addresses. The policy generates corrective actions; the plan tracks them to closure.
A risk assessment is a proactive tool that identifies and evaluates hazards before incidents occur and assigns preventive controls. An incident investigation policy is a reactive procedure triggered after an unplanned event. Together they form a complete safety loop: the risk assessment prevents incidents; the investigation policy ensures that incidents that do occur are fully analyzed and do not recur.
High frequency of machinery-related near-misses and injuries makes tiered classification and fast scene preservation critical to root-cause accuracy.
Multi-employer worksites require the policy to specify which employer's investigation procedure governs and how subcontractor incidents are reported to the prime contractor.
Investigates both patient-safety incidents and staff injuries, with mandatory regulatory reporting to bodies such as the Joint Commission or provincial health authorities.
Vehicle incidents, cargo damage, and driver injuries each require separate classification criteria, and DOT reporting obligations must be integrated into the timeline section.
High customer-facing incident rate β slips, trips, and food-safety events β means the policy must address both employee and customer incidents with distinct documentation paths.
Incident investigation covers operational outages and data breaches in addition to physical workplace events, requiring the policy to reference IT incident response procedures alongside OHS obligations.
| Path | Best for | Cost | Time |
|---|---|---|---|
| Use the template | Small to mid-sized businesses establishing a formal investigation procedure for the first time | Free | 2β4 hours to customize and distribute |
| Template + professional review | Organizations in high-hazard industries or those subject to specific regulatory reporting obligations | $500β$2,000 for a safety consultant or OHS specialist review | 3β5 business days |
| Custom drafted | Large multi-site employers, heavily regulated industries (mining, aviation, chemical), or organizations responding to a regulatory enforcement action | $3,000β$10,000+ for a specialized OHS consultant or law firm | 2β6 weeks |
This document is one of 3,000+ business & legal templates included in Business in a Box.
Access over 3,000+ business and legal templates for any business task, project or initiative.
Customize your ready-made business document template and save it in the cloud.
Share your files and folders with your team. Create a space of seamless collaboration.
"Fantastic value! I'm not sure how I'd do without it. It's worth its weight in gold and paid back for itself many times."
"I have been using Business in a Box for years. It has been the most useful source of templates I have encountered. I recommend it to anyone."
"It has been a life saver so many times I have lost count. Business in a Box has saved me so much time and as you know, time is money."
Stop downloading documents. Start operating with clarity. Business in a Box gives you the Business Operating System used by over 250,000 companies worldwide to structure, run, and grow their business.
Start freeΒ Β·Β No credit card required
